MPLS VPN--BGP Local Convergence

Last Updated: June 6, 2012

This document provides information about reducing the downtime of a provider edge (PE) to customer edge (CE) link failure. It describes how to reroute PE-egress traffic onto a backup path to the CE before BGP has reconverged. The MPLS VPN--BGP Local Convergence feature is also referred to as "local protection."

This document explains how to use PE-CE local convergence. For information on using BGP PIC Edge for BGP local convergence support, see BGP PIC Edge for IP and MPLS-VPN.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Prerequisites for MPLS VPN--BGP Local Convergence

Before MPLS VPN--BGP Local Convergence link protection can be enabled, the customer site must be connected to the provider site by more than one path.

Both the main forwarding path and the redundant backup path must have been installed within Border Gateway Protocol (BGP), and BGP must support lossless switchover between operational paths.

Any of the supported routing protocols can be used between the PE and CE as long as the path is redistributed into BGP. The supported protocols for IPv4 are External BGP (eBGP), Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF), and static routing. The supported protocols for IPv6 are External BGP (eBGP) and static routing.

All PE routers that are serving as backup to the link must have assigned a unique Route Distinguisher to each VRF table involved with the link to ensure that the route reflectors advertise all available paths.

Although not required, it is recommended that the backup PE (shown as "PE2" in the figure below) runs the same Cisco IOS release that is running on the PE ("PE1") whose link with the CE will be protected; that is, Cisco IOS Release 12.2(33)SRC, 12.2(33)SB, Cisco IOS 15.0(1)M, Cisco IOS 15.0(1)S, or a more recent version of those products.

Restrictions for MPLS VPN--BGP Local Convergence

This link protection cannot be initiated during a high availability (HA) stateful switchover (SSO). However, links already configured with this protection before the switchover begins remain protected after the switchover.

If you perform an in-service software downgrade from an image that does include this link protection to an image that does not support this feature, active protection will be halted when BGP routes are refreshed.

Any next-hop core tunneling technology that is supported by BGP is also supported for protection, including Multiprotocol Label Switching (MPLS), IP/Layer 2 Tunneling Protocol version 3 (L2TPv3), and IP/generic routing encapsulation (GRE). Enabling a Carrier Supporting Carrier (CsC) protocol between the PE and CE is also supported. Interautonomous system option A (back-to-back virtual routing and forwarding (VRF)) is supported because it is essentially the same as performing the PE-CE link protection in both autonomous systems. However, interautonomous system options B and C protection are not supported.

Information About MPLS VPN--BGP Local Convergence

How Link Failures Are Handled with BGP

Within a Layer 3 VPN network, the failure of a PE-CE link can cause a loss of connectivity (LoC) to a customer site, which is detrimental to time-sensitive applications. Several factors contribute to the duration of such an outage:

The time to detect the failure

The programming of the forwarding

The convergence of BGP (in large networks, the restored traffic arrival time at its destination varies according to the prefix)

When BGP detects a PE-CE link failure, it removes all of the BGP paths through the failing link. BGP runs the best-path algorithm on the affected prefixes and selects alternate paths for each prefix. These new paths (which typically include a remote PE) are installed into forwarding. The local labels are removed and BGP withdrawals are sent to all BGP neighbors. As each BGP neighbor receives the withdrawal messages (typically indirectly using route reflectors), the best-path algorithm is called and the prefixes are switched to an alternate path. Only then is connectivity restored.

How Links Are Handled with the MPLS VPN--BGP Local Convergence Feature

The MPLS VPN--BGP Local Convergence feature requires that the prefixes to be protected on a PE-CE link have at least one backup path that does not include that link. (See the figure below.) The customer site must have backup paths to the provider site.

Figure 1. Network Configured with Primary and Backup Paths

The MPLS VPN--BGP Local Convergence feature reduces LoC time by sending the broken link's traffic over a backup path (as shown in the figure below) instead of waiting for total network convergence. The local label is maintained for 5 minutes while prefixes switch from the failing local path to the backup path. Because the label is not freed as had been the usual practice, forwarding continues to take place.

The best-path algorithm selects the backup path. Thus, the local label has been applied in place of the failed BGP best-path label (which is sometimes called "label swapping"). Traffic is restored locally while the network propagation of the BGP withdrawal messages takes place. Eventually, the egress PE router converges and bypasses the local repair.

Figure 2. Network Using the Backup Path After a PE-CE Link Failure on the Primary Path

Note

After the 5-minute label preservation, the local labels are freed. Any BGP prefix that is remote and is not part of a CsC network does not have a local label and is removed. The delay in local label deletion does not modify normal BGP addition and deletion of BGP paths. Rather, BGP reprograms the new backup best path into forwarding as usual.

How Link Failures Are Detected

Local protection relies on BGP being notified of the interface failure. Detection can occur using either the interface drivers or the routing tables. If an interface or route goes down, the corresponding path in the routing table is removed and BGP will be notified using the routing application programming interfaces (APIs).

However, when the routing table cannot detect the failure (as when a Layer 2 switch goes down), BGP determines that a neighbor is down through use of its hold-down timer. That determination can be extremely slow because of the 3-minute default for BGP session timeout.

You can reduce the detection delay by either reducing the BGP session timeout interval (as described in the Configuring Internal BGP Features document) or by enabling the Bidirectional Forwarding Detection (BFD) protocol within eBGP between the PE and CE. For complete instructions to enable BFD, see the Bidirectional Forwarding Detection document.

How to Enable MPLS VPN--BGP Local Convergence

Note

To configure a VPN routing and forwarding (VRF) instance for IPv4 and IPv6 VPNs or to upgrade your existing single-protocol IPv4-only VRF to a multiprotocol VRF configuration, see MPLS VPN--VRF CLI for IPv4 and IPv6 VPNs.

Configuring MPLS VPN--BGP Local Convergence with IPv4

Ensure that the CE is already connected to the PE by a minimum of two paths.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip vrf vrf-name

4. rd route-distinguisher

5. protection local-prefixes

6. do show ip vrf detail

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

ip vrf vrf-name

Example:

Router(config)# ip vrf vpn1

Enters VRF configuration mode.

If no VRF routing table and Cisco Express Forwarding table had been previously created for this named VRF, then this command also creates them, giving both tables the specified value for the vrf-name argument (in this example, the name is vpn1).

Step 4

rd route-distinguisher

Example:

Router(config-vrf)# rd 100:3

(Optional) Establishes the route distinguisher for the named VRF.

If no route distinguisher had been previously established for the named VRF, then you must enter this command.

The route distinguisher value can be either of the following:

Autonomous system number followed by a colon and an arbitrary number (for example, 100:3)

or

IP address followed by a colon and an arbitrary number (for example, 192.168.122.15:1)

Step 5

protection local-prefixes

Example:

Router(config-vrf)# protection local-prefixes

Allows a preconfigured backup path to carry traffic if the PE-CE link breaks by preserving the local prefixes while BGP reconverges.

Step 6

do show ip vrf detail

Example:

Router(config-vrf)# do show ip vrf detail

(Optional) Verifies that the MPLS VPN--BGP Local Convergence feature has been configured.

Configuring MPLS VPN--BGP Local Convergence with IPv6

Before You Begin

Ensure that the CE is already connected to the PE by a minimum of two paths.

SUMMARY STEPS

1. enable

2. configure terminal

3. vrf definition vrf-name

4. rd route-distinguisher

5. address-family [ipv4 | ipv6]

6. protection local-prefixes

7. do show ip vrf detail

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

vrf definition vrf-name

Example:

Router(config)# vrf definition vrf2

Enters VRF configuration mode.

If no VRF routing table and Cisco Express Forwarding table had been previously created for this named VRF, then this command also creates them, giving both tables the specified value for the vrf-name argument (in this example, the name is vrf2).

Step 4

rd route-distinguisher

Example:

Router(config-vrf)# rd 100:3

(Optional) Establishes the route distinguisher for the named VRF.

If no route distinguisher had been previously established for the named VRF, then you must enter this command.

The route distinguisher value can be either of the following:

Autonomous system number followed by a colon and an arbitrary number (for example, 100:3)

or

IP address followed by a colon and an arbitrary number (for example, 192.168.122.15:1)

Step 5

address-family [ipv4 | ipv6]

Example:

Router(config-vrf)# address-family ipv6

Enters VRF address family configuration mode and specifies the IPv4 or IPv6 protocol.

Step 6

protection local-prefixes

Example:

Router(config-vrf-af)# protection local-prefixes

Allows a preconfigured backup path to carry traffic if the PE-CE link breaks by preserving the local prefixes while BGP reconverges.

Step 7

do show ip vrf detail

Example:

Router(config-vrf-af)# do show ip vrf detail

(Optional) Verifies that the MPLS VPN--BGP Local Convergence feature has been configured.

Examples

To verify that local link protection has been enabled, enter the show ip vrf detail command. If the protection is enabled, the status message "Local prefix protection enabled" will be shown in the display:

Troubleshooting Tips

Ensure that a minimum of two paths are present for the protected prefix in BGP in steady state condition on the PE. The path using the protected PE should be the BGP best-path before failover occurs. To display the configuration, enter the show ip bgp vpnv4 vrf vpn ip-prefix command.

Ensure that local protection has been enabled in the protected PE by entering the show ip vrf detail command, as shown in the Examples.

When route reflectors exist in the topology, ensure that each VRF has a unique route distinguisher.
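
The route-distinguisher prerequisite and the checks in these troubleshooting tips can be run offline against saved running configurations. The following Python script is an added example, not Cisco code: the PE names, the sample configuration fragments, and the functions `parse_vrfs` and `audit` are assumptions constructed for illustration. It reports VRFs without a route distinguisher, VRFs on the protected PE that lack `protection local-prefixes`, and route distinguishers reused across PEs.

```python
import re

# Constructed running-config fragments (assumed, not from the original page).
PE1 = """ip vrf vpn1
 rd 100:3
 protection local-prefixes
vrf definition vrf2
 rd 100:4
 address-family ipv6
  protection local-prefixes
 exit-address-family
"""
PE2 = "ip vrf vpn1\n rd 100:3\n"  # backup PE reusing PE1's RD (misconfiguration)

def parse_vrfs(config):
    """Map VRF name -> {"rd": str or None, "protected": set of address families}."""
    vrfs, cur, af = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"(ip vrf|vrf definition) (\S+)\s*$", raw)
        if m:
            cur = vrfs.setdefault(m.group(2), {"rd": None, "protected": set()})
            af = "ipv4" if m.group(1) == "ip vrf" else None  # "ip vrf" is IPv4-only
        elif not raw.startswith(" "):
            cur = None  # any other top-level line ends the VRF block
        elif cur is not None and line.startswith("rd "):
            cur["rd"] = line.split()[1]
        elif cur is not None and line.startswith("address-family "):
            af = line.split()[1]
        elif cur is not None and line == "exit-address-family":
            af = None
        elif cur is not None and line == "protection local-prefixes" and af:
            cur["protected"].add(af)
    return vrfs

def audit(configs, protected_pe):
    """configs: {pe_name: config text}. Returns sorted findings (empty = pass)."""
    findings, rd_owners = [], {}
    for pe, text in configs.items():
        for name, vrf in parse_vrfs(text).items():
            if vrf["rd"] is None:
                findings.append(f"{pe}/{name}: no route distinguisher")
            else:
                rd_owners.setdefault(vrf["rd"], []).append(f"{pe}/{name}")
            if pe == protected_pe and not vrf["protected"]:
                findings.append(f"{pe}/{name}: protection local-prefixes missing")
    # A shared RD keeps route reflectors from advertising all available paths.
    findings += [f"RD {rd} reused by {', '.join(sorted(o))}"
                 for rd, o in rd_owners.items() if len(o) > 1]
    return sorted(findings)
```

Calling `audit({"PE1": PE1, "PE2": PE2}, "PE1")` on the constructed samples reports the reused route distinguisher 100:3; an empty list means every check passed.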

Configuration Examples for MPLS VPN--BGP Local Convergence

Example MPLS VPN--BGP Local Convergence

The following examples show how MPLS VPN--BGP local convergence can prevent traffic loss after a link failure. You can display a detailed view of local link protection before, during, and after BGP convergence by using the show bgp vpnv4 and show mpls forwarding-table vrf commands as shown in the following three-stage example.

Note

The show bgp vpnv4 unicast command is equivalent to the show ip bgp vpnv4 command.

Example MPLS VPN--BGP Local Convergence for 6VPE 6PE

You can display a detailed view of local link protection before, during, and after BGP local convergence for Cisco IOS VPN IPv6 provider edge routers (6VPE) and Cisco IOS IPv6 provider edge routers (6PE) over MPLS by using the show bgp vpnv6 and show mpls forwarding-table vrf commands as shown in the following three-stage example.

The figure below shows an MPLS VPN with BGP local convergence configured. The PE to CE routing protocol is eBGP, and the PE to route reflector (RR) sessions are BGP VPNv6. The protected prefix is the CE 1 loopback (2001:0DB8::/128). The primary path is from PE 1 to CE 1. The secondary path is from PE 1, through P and PE3, to CE 1.

Example 1: Before the Link Failure

Both a primary path and a backup path have been configured for the prefix 2001:0DB8::/128. The inlabel/outlabel settings for the two paths are 28/28 and 28/nolabel.


Feature Information for MPLS VPN--BGP Local Convergence

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.


Table 1. Feature Information for MPLS VPN--BGP Local Convergence

Feature Name

Releases

Feature Information

MPLS VPN--BGP Local Convergence

12.2(33)SRC

12.2(33)SB

15.0(1)M

This feature reduces the downtime of a PE-CE link failure by rerouting PE-egress traffic onto a backup path to the CE before BGP has reconverged.

In 12.2(33)SRC, this feature was introduced on the Cisco 7200 and the Cisco 7600.

In 12.2(33)SB, this feature became available on the Cisco 7300 series and the Cisco 10000 series routers.
